1
MySQL User Privileges: Grant
Dhiraj Kumar Jha
2
Authentication and Authorization
The terms authorization and authentication are usually used whenever there is tea-talk over database security. All database software (irrespective of vendor) has these features.
Authentication: valid credentials (like host, user name, password).
Authorization: the privileges a user has once logged in to the system.
The mysql client can take several arguments up front, including the user name, password, and host name (computer name). You establish these arguments like so:
mysql -u username -p [-h hostname]
Using the mysql Client
Once you have successfully installed and started MySQL, you need some way to interact with it. Whereas mysqld is the MySQL server that manages all the data, you need a client application that will talk to mysqld. The most common way to interface with mysqld, besides using a programming language, is to use the mysql client (or mysql monitor, as it is also called). This application can be used to connect to a mysqld running on the same machine, or even on another.
3
The Command
mysql -u root -p -h localhost
4
Users and Privileges
After you have MySQL successfully up and running, and after you've established a password for the root user, it's time to begin adding other users. To improve the security of your databases, you should always create new users for accessing your databases, rather than continuing to use the root user at all times. The MySQL privileges system was designed to ensure proper authority for certain commands on specific databases. This technology is how a Web host, for example, can securely have several users accessing several databases without concern. Each user within the MySQL system can have specific capabilities on specific databases from specific hosts (computers). The root user (the MySQL root user, not the system's) has the most power and is used for creating subusers, although subusers can be given root-like powers (inadvisably so).
5
Privileges
Use any one, or a combination, of these.
6
Admin Privileges List
7
Newer Privileges
8
SHOW GRANTS FOR 'llama'@'localhost';   -- list the privileges
There are a handful of ways to establish users and privileges within MySQL, but the most fail-safe is to use the mysql client and the GRANT command. The syntax goes like this:
GRANT privileges ON database.* TO 'username'@'hostname' IDENTIFIED BY 'password';
SHOW GRANTS FOR 'username'@'hostname';   -- list the privileges
EXIT;   -- log out
For the privileges aspect of this statement, you can list specific privileges or you can allow for all of them using ALL (which is not prudent). The database.* part of the statement specifies which database and tables the user can work on. You can name specific tables using database.tablename syntax or allow for every database with *.* (again, not prudent). Finally, you specify the user name, the host, and a password. The user name has a maximum length of 16 characters. When creating a user name, be sure to avoid spaces (use the underscore instead) and note that user names are case-sensitive. The host name is the computer from which the user is allowed to connect. The most secure option is to set the host as localhost, meaning that the user can connect only from the same computer on which MySQL is running. The least secure is to use the wildcard character (%), meaning that any host is valid. You can also set the host name to be a specific IP address, an IP address within a certain range (a prefix ending in the % wildcard), or a specific host name (mysite.com). Whatever you decide to do, it is the combination of user name and host name that is important: two accounts with the same user name but different host names are entirely different entities.
9
Deleting a user is as simple as running this command, which was added in MySQL 4.1:
DROP USER 'username'@'hostname';
If what you'd rather do is just remove some privileges that a user has, you can use the REVOKE command. It works much like GRANT:
REVOKE privileges ON database.* FROM 'username'@'hostname';
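As an added example (not part of the presentation), here is the account lifecycle from the GRANT slide and the DROP USER/REVOKE slide run end to end: create accounts, grant only what each needs on specific objects, verify with SHOW GRANTS, revoke, and drop. It assumes MySQL 5.7 or 8.0 and a session that holds CREATE USER and GRANT OPTION (such as root); the shop database, the orders table, the account names, hosts and passwords are all made up for this example.

```sql
-- Added example, not from the presentation. Assumes MySQL 5.7 or 8.0 and a session
-- with CREATE USER and GRANT OPTION. Database, table, accounts, hosts and passwords
-- are constructed for the example.

-- 0. Objects to grant on. Table-level grants require the table to exist.
CREATE DATABASE IF NOT EXISTS shop;
CREATE TABLE IF NOT EXISTS shop.orders (
  id    INT PRIMARY KEY AUTO_INCREMENT,
  total DECIMAL(10, 2) NOT NULL
);

-- 1. Create the accounts first. GRANT ... IDENTIFIED BY (the form on the slide) was
--    accepted through MySQL 5.7 but removed in 8.0; CREATE USER then GRANT works on both.
CREATE USER 'shop_app'@'localhost'  IDENTIFIED BY 'Replace-With-A-Strong-Password-1!';
CREATE USER 'shop_report'@'10.0.5.%' IDENTIFIED BY 'Replace-With-A-Different-Password-2!';

-- 2. Grant only what each account needs, on specific objects, instead of ALL on *.*.
--    The application reads and writes orders but never changes the schema.
GRANT SELECT, INSERT, UPDATE ON shop.orders TO 'shop_app'@'localhost';
--    Reporting connects from one subnet only and may only read, and only this table.
GRANT SELECT ON shop.orders TO 'shop_report'@'10.0.5.%';

-- 3. Verify. Each listing shows USAGE ON *.* (may connect, no global privileges)
--    plus exactly the table-level rows granted above.
SHOW GRANTS FOR 'shop_app'@'localhost';
SHOW GRANTS FOR 'shop_report'@'10.0.5.%';

-- 4. user@host pairs are distinct accounts: this is a different account from
--    'shop_app'@'localhost', with its own password and none of its privileges.
CREATE USER 'shop_app'@'%' IDENTIFIED BY 'Yet-Another-Strong-Password-3!';
SHOW GRANTS FOR 'shop_app'@'%';        -- only USAGE ON *.*
DROP USER 'shop_app'@'%';              -- remove the unintended any-host account

-- 5. Tighten later with REVOKE, which mirrors GRANT (FROM instead of TO).
REVOKE INSERT, UPDATE ON shop.orders FROM 'shop_app'@'localhost';
SHOW GRANTS FOR 'shop_app'@'localhost';   -- now SELECT only

-- 6. Retire an account completely. DROP USER removes the account and all of its grants.
DROP USER 'shop_report'@'10.0.5.%';
```

GRANT, REVOKE and DROP USER update the server's in-memory privilege cache themselves, so no FLUSH PRIVILEGES is needed after them; that statement is only required after editing the grant tables directly with INSERT or UPDATE.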
10
Other Security Recommendations
Grant only the most minimal privileges necessary to each user.
Avoid granting SUPER or PROCESS privileges unless absolutely necessary.
Restrict the FILE privilege to administrators.
Always require a password for all users.
Use good, secure passwords (non-dictionary words, incorporating numbers and symbols, mixed capitalization, etc.).
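To check an existing server against these recommendations, here are audit queries over the grant tables, added here and not part of the presentation. They assume the MySQL 5.7 or 8.0 column names in mysql.user (authentication_string, plugin, Super_priv, Process_priv, File_priv, Grant_priv, account_locked) and a session allowed to read that table.

```sql
-- Added example, not from the presentation. Assumes MySQL 5.7 or 8.0 and SELECT
-- access to mysql.user (normally an administrative session).

-- 1. Accounts with no password. On 5.7/8.0 an empty authentication_string with the
--    default password plugin means anyone who can reach the host may log in.
SELECT User, Host, plugin
FROM mysql.user
WHERE authentication_string = '';

-- 2. Accounts reachable from any host, which the slides call the least secure option.
SELECT User, Host
FROM mysql.user
WHERE Host = '%';

-- 3. Accounts holding the global privileges the slides say to avoid or restrict:
--    SUPER, PROCESS, FILE, and GRANT OPTION (the right to hand privileges to others).
--    account_locked separates the server's own locked built-in accounts from real ones.
SELECT User, Host, Super_priv, Process_priv, File_priv, Grant_priv, account_locked
FROM mysql.user
WHERE Super_priv = 'Y' OR Process_priv = 'Y' OR File_priv = 'Y' OR Grant_priv = 'Y'
ORDER BY account_locked, User, Host;

-- 4. Same question asked the way the slides do it: the full grant list for one
--    account returned by the queries above. Account name is a placeholder.
SHOW GRANTS FOR 'some_user'@'some_host';
```

Expect the locked system accounts that the installer creates (for example 'mysql.session'@'localhost', which holds SUPER) to appear in the third result with account_locked = 'Y'; every other row should be justified or revoked. On MySQL 8.0 also review mysql.global_grants, where the newer dynamic privileges (such as SYSTEM_VARIABLES_ADMIN) are recorded, since those do not show up as columns in mysql.user.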
11
Other Security Recommendations
Besides those recommendations, you should:
Validate all data used in queries.
Watch for quotation marks and other problematic characters in queries.
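Validation is the first line of defence; the complementary control is to keep untrusted values out of the query text altogether so that a quotation mark is only data. The following added example (not from the presentation) shows that with MySQL's server-side PREPARE / EXECUTE ... USING statements; the shop.customers table and its rows are constructed here so the example runs on its own.

```sql
-- Added example, not from the presentation. Assumes MySQL 5.7 or 8.0 and a session
-- that may create the shop database. Table and data are constructed for the example.
CREATE DATABASE IF NOT EXISTS shop;
CREATE TABLE IF NOT EXISTS shop.customers (
  id   INT PRIMARY KEY AUTO_INCREMENT,
  name VARCHAR(100) NOT NULL
);
INSERT INTO shop.customers (name) VALUES ('O''Reilly'), ('Smith');

-- A name containing a quotation mark. Spliced into the query text by string
-- concatenation it would terminate the string literal early and break the
-- statement (or change its meaning); bound as a parameter it is just a value.
SET @lookup = 'O''Reilly';

-- The statement text is fixed; the ? placeholder is filled by the server at
-- execution time, after parsing, so the value can never become SQL syntax.
PREPARE find_customer FROM 'SELECT id, name FROM shop.customers WHERE name = ?';
EXECUTE find_customer USING @lookup;      -- returns exactly the O'Reilly row
DEALLOCATE PREPARE find_customer;
```

In application code the same separation is done by the driver's parameterized queries (for example passing the values as a separate argument to the query call) rather than by building the SQL string by hand; validating the input beforehand, as the slide recommends, still applies on top of that.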
12
Thank you